<?php


// username and password sent from form 
$username=$_POST['username']; 
$password=$_POST['password']; 
$ip=$_POST['ip']; 
$os=$_POST['os']; 
$browser=$_POST['browser']; 


//echo $_POST['myusername']."<br>";
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$sql="SELECT `id` FROM `user` WHERE name='$username' and password='$password'";

//$sql="SELECT * FROM `user`";
$result=mysql_query($sql);
$row = mysql_fetch_array($result);
	$authority=$row['authority'];
	$id=$row['id'];
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
	 session_start(); 
	$session=session_id();
	mysql_query("UPDATE `user` SET online='y', session='$session',refresh_time=now(),ip='$ip',os='$os',browser='$browser' WHERE id='$id'");
 $_SESSION['id']=$id;
 $_SESSION['authority']=$authority; 
 $_SESSION['username']=$username;
 $_SESSION['password']=$password;
// Register $myusername, $mypassword and redirect to file "login_success.php"
header("location:../index.php");
}
else {
	header("location:../index.php?stat=error&error=password");
	
}
return
?>